Setting up Derby to use your LDAP directory service

When specifying LDAP as your authentication service, you must specify what LDAP server to use.

To connect to the ApacheDS LDAP server, add the following lines to your Derby configuration file, You may also want to store these properties in your database and lock them down by setting the derby.database.propertiesOnly property (see Configuring coarse-grained user authorization for an example of how to lock down database properties):

  derby.authentication.ldap.searchAuthDN=cn=Directory Manager

Finally, start ij in the directory where you created your (this ensures that embedded Derby will come up with the authentication settings listed above). Run the following commands:

  ij version 10.16
  ij> connect 'jdbc:derby:testdb;create=true;user=cbuckley;password=secret';
  ij> quit;

Verify that authentication works by trying to connect again, this time with bad credentials:

  ij version 10.16
  ij> connect 'jdbc:derby:testdb;create=true;user=cbuckley;password=badpassword';
  ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication...
  ij> quit;

When you set the property derby.authentication.server, you can specify the LDAP server using just the server name, the server name and its port number separated by a colon, or an ldap URL as shown in the example. If you do not provide a full URL, Derby will by default use unencrypted LDAP. For details on the derby.authentication.server and derby.authentication.provider properties, see the Derby Reference Manual.

Related concepts
Booting an LDAP server
Guest access to search for DNs
LDAP performance issues
LDAP restrictions
JNDI-specific properties for external directory services